Duo Security Integration Kit 3.x

The Duo Security Integration Kit allows PingFederate to use Duo Universal Prompt for multi-factor authentication (MFA). This sign-on experience uses OpenID Connect standards and does not require or support iFrames.

This documentation is for Duo Security Integration Kit 3.0 and later. For earlier versions of the integration kit, see the Duo Security Integration Kit 2.2 documentation.

Upgrade considerations

The Duo Security Integration Kit 3.0 and later no longer support the session state feature or the adapter session feature. If you were using the adapter session feature previously, you can configure authentication sessions instead.

The authentication sessions feature doesn’t have complete feature parity with the adapter session feature. For example, the authentication sessions feature doesn’t support session sharing between composite adapters. To use authentication sessions with the Duo Security Integration Kit 3.0 and later, remove any interfering composite adapters.

Features

Supports Duo’s Standard Editions and Federal Editions
Supports Duo’s OpenID Connect-enabled APIs.
Supports the Duo Universal Prompt authentication experience.
Supports the PingFederate Authentication API.
Supports the JavaScript Widget for the PingFederate Authentication API.

Components

The Duo Security IdP Adapter:

Allows PingFederate to redirect users to Duo Universal Prompt for a multi-factor authentication (MFA) challenge during sign on.
Allows for MFA when single sign-on (SSO) is initiated at the identity provider (IdP) or service provider (SP).

Intended audience

This document is intended for PingFederate administrators.

If you need help during the setup process, see the following resources:

The following sections of the Duo Universal Prompt documentation:
The following sections of the PingFederate documentation:
- Managing IdP adapters
- Authentication Policies

System requirements

PingFederate 10.3 or later
A Duo Universal Prompt administrator account